IT Security Audit and Enforcement
Security Assessment and Remediation
Increased systems security tops virtually every organizational list as the area where continued improvements are critical. Protection from malicious threats or accidental loss surrounding the confidentiality, integrity or availability of information is not only a business requirement for today’s organization, but increasingly a legal and ethical one.
K1000 security audit and enforcement is an easy-to-use, cost-effective appliance-based complement to traditional desktop management software security packages. The K1000 provides users with the ability to uncover and remediate problems quickly, saving you time and your company money. The K1000 helps identify vulnerabilities across all end nodes, and enforce compliance with company policies across all desktops, laptops and servers. It reduces the risk of malware, spyware, and viruses, and eliminates vulnerabilities. This helps reduce user downtime due to infection or other security breaches, and in those instances when problems cannot automatically be fixed, allows systems to be quarantined to prevent them from infecting the rest of the network.
Security Configuration Policy Enforcement
The K1000 provides several easy-to-use ways to enforce PC configurations for improved security. First, K1000 security audit and enforcement includes a number of pre-built policies that provide drop-down options for easy deployment. These include:
- Enforcing XP Firewall settings: allow control of users’ Windows XP SP2 Firewall, including logging and allowing TCP traffic on ports required to enable remote administration tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI) and to receive Remote Desktop requests.
- Enforcing IE security settings: allow control of users' Internet Explorer preferences including home page, privacy and security policies.
- Enforcing anti-virus settings: allow control of settings for McAfee and Symantec Antivirus packages, verifying that the software is installed with the configuration specified.
- Disallowing programs: disallow the running of specified executables.
- Quarantine policies for compromised devices: This enables administrators to sever communications between a computer and all other systems when a network security risk has been identified. An editable Message Dialog displays in a popup for the user when the quarantine takes effect. The only system able to communicate with the quarantined computer is the K1000.
K1000 security audit and compliance is fully integrated with the entire range of other K1000 functionality including computer inventory, remote administration, software distribution, patch management and compliance reporting. This integration greatly increases the ability of the K1000 to neutralize security vulnerabilities, and allows users to maintain security compliance across systems. It provides the ability to scan individual nodes, groups of nodes or even all nodes on a network for a complete view of vulnerability, and is fully integrated with patching to quickly remediate or quarantine any discovered vulnerabilities, network-wide. The K1000 can also perform security remediation for remote systems through remote administration. In addition, the ticket archiving and configuration history features enable IT organizations to create and maintain an accurate audit trail.
K1000 security audit and enforcement includes OVAL-based vulnerability scanning of all managed Windows systems. OVAL is the information community standard endorsed by US Computer Emergency Readiness Team (US-CERT) and the Department of Homeland Security. It promotes open, publicly available security content and standardization of its transfer across security tools and services. The K1000's OVAL support includes setting the testing schedule (Security/OVAL tab) and results reporting. Over 1700 pre-defined tests are included, and new tests are added as they are defined and published.
The K1000 allows for the flexible scheduling and targeting of OVAL vulnerability scans. For instance, scans can be scheduled to occur on a recurring basis (daily, weekly, etc.), or can be triggered manually. In addition, scans can be targeted at individual machines, groups of machines or an entire network. During an OVAL scan, each target Windows machine is checked against the current list of known vulnerabilities. The output from the scan lists pass/fail results for each vulnerability. The results of scans are then reported by both vulnerability and machine, providing the necessary information to quickly plan and execute remediation.
SCAP Scanning and FDCC Compliance
The K1000 Management Appliance features the Security Content Automation Protocol (SCAP) configuration scanner, for use in configuration assessment and reporting. The SCAP scanner is integrated into the K1000 Appliance and provides easy-to-use automated scan scheduling and detailed reporting that enable IT managers to manage common endpoint configurations and confirm organizational compliance requirements such as the Federal Desktop Core Configuration (FDCC) standard.
FDCC is a set of compliance requirements created by the U.S. Government that define configuration requirements for securing computing systems against threats. The K1000 SCAP Scanner enables agencies of all sizes to audit their systems to ensure FDCC compliance, but may also be used by other organizations who seek to leverage the FDCC benchmarks to help enforce their own set of configuration standards.
The K1000 FDCC Scanner is certified by the National Institute of Standards and Technology (NIST) and is one of the select few tools that are eligible for use at government agencies.